When BMIT announced its sponsorship of Nick Mercieca, we said we believed in an athlete with the potential to do something special for Maltese sport. In Tbilisi, Georgia, he delivered on exactly that promise.
At the Para Powerlifting European Championships, Nick became the first Maltese athlete ever to represent Malta at the competition, and he marked the occasion with a personal best of 114kg in the men's up to 59kg category, a 4kg improvement on his previous best set at the Para Powerlifting World Championships in October 2025. He recorded a clean sweep of nine white lights across all three rounds, lifting 106kg, 111kg and 114kg in succession. That kind of consistency under championship conditions does not happen by chance. It is the product of months of disciplined preparation.
In the Next Generation category for athletes aged 18 to 20, Nick claimed silver for best lift and gold for total lift.
The Malta Paralympic Committee described Nick as someone who "remains calm and composed, and has grown to enjoy the moment to showcase the hard work and commitment he put in over months and months of training." We recognise that quality. It is the same mindset we value in everything we do.
The European Championships are a key milestone on the qualification pathway toward the Los Angeles 2028 Paralympic Games, and that is where Nick's sights are firmly set. This is just the beginning, and BMIT will be with him every step of the way.
Strategic investments and diversified growth drive strong performance
Malta – BMIT Technologies p.l.c. (MSE: BMIT), Malta's leading digital infrastructure and managed IT services provider, today announced record revenue of €36.5 million for the year ended 31 December 2025, representing growth of 8.7% year-on-year.
The Company reported EBITDA of €12.0 million, profit before tax of €6.3 million, and earnings per share of €0.02. Performance remained in line with projections, reflecting strong contributions from both Managed IT Services and Digital Infrastructure segments, alongside strategic investments that position BMIT for long-term value creation.
Commenting on the results, Nikhil Patil, Chairman, said: "Our expansion into Digital Infrastructure represents structural diversification. Infrastructure assets operate with different economics than service businesses, generating stable cash flows whilst creating strategic flexibility. Combined with managed IT services that address complex client demands, this positions BMIT uniquely in Malta's market. We are building competitive advantages that strengthen over time."
2025 Strategic Investments
During 2025, BMIT completed two strategic investments. The acquisition of a 51% stake in 56Bit Ltd, an AWS specialist, strengthened BMIT's advanced cloud capabilities and expanded expertise in hybrid and multi-cloud architectures. Investment in a 49% stake in Malta Properties Company p.l.c. expanded the Group's digital infrastructure platform, providing strategic adjacency and long-term value creation opportunities that complement its passive mobile network infrastructure ownership.
Operational Performance
Data centre and managed IT services revenue grew 9% to €32.3 million, driven by strong demand for cloud services, professional services, and cybersecurity solutions. BMIT launched three new security services during the year: virtual CISO, managed detection and response, and vulnerability and threat management. Early client adoption exceeded expectations as regulatory frameworks including NIS2 and DORA reshaped technology spending priorities.
The Mobile Network Towers segment, managing close to 300 sites, generated revenue of €4.3 million in its second year of operations, performing ahead of expectations as the operation transitioned from acquisition to operational delivery. This asset class continues to provide stable, predictable cash flows with potential for long-term tenancy growth.
Christian Sammut, Chief Executive Officer, commented: "The composition of our growth tells an important story. Cloud services, professional services, and cybersecurity more than compensated for maturity in traditional data centre services, while our tower infrastructure performed ahead of expectations. These achievements reflect a decade of deliberate choices about where technology markets were heading and where BMIT could create differentiated value."
Financial Position and Outlook
Total assets stood at €96.4 million as at 31 December 2025, with the Group maintaining positive operating cash flows. The Board is recommending a final net dividend of €0.0183 per share, with shareholders offered the option of cash or scrip dividend.
Looking ahead, BMIT continues investing across both strategic pillars and is pursuing regional expansion opportunities beyond Malta.
Cloud computing powers the modern economy. Global providers such as Amazon, Microsoft, and Google deliver massive-scale infrastructure that businesses rely on every day. But these platforms are not immune to outages. When they fail, the impact can be wide and costly.
In a recent feature by MaltaCEOs.mt, our Chief of Service Delivery, Sean Cohen, explained why resilience is a design choice. Here’s an extract from that article, with added context for business leaders who want to stay online, always.
Hyperscalers operate vast networks and data centres, offering compute, storage, and services at scale. Their size brings efficiency and reach, but it also concentrates risk. A single disruption can ripple across industries.
Sean Cohen put it simply: “Hybrid deployments and multi cloud design are essential. Relying on a single platform can put operations and trust at risk. By pairing local hosting with public cloud, organisations keep control of critical workloads and reduce exposure to a single point of failure.”
He added: “Resilience starts with clear choices. Identify mission critical workloads and build redundancy. Multi cloud is a business continuity decision, not only a technical one. If one provider has issues, the business should continue.”
Outages are not a question of if. They are a question of when. The organisations that thrive are those that anticipate disruption and build for resilience. Start with three moves:
- Map critical workloads and dependencies.
- Use hybrid placement for the most sensitive systems.
- Spread risk across providers where it adds value.
Curious how your business can stay up and running even when the big cloud providers let you down? Our Hybrid IT solutions blend the best of cloud and local tech, so you get the flexibility and peace of mind you need, without the headaches. If you’d like to chat about how we can make IT simple and secure for you, take a look at what Hybrid IT by BMIT Technologies can do for your business.
Source: Extract adapted from MaltaCEOs.mt article on staying online during hyperscaler outages.
Ongoing partnership supports Gozo’s only dedicated swimming school for children and teenagers
BMIT Technologies has renewed its sponsorship of Otters Swimming Academy, extending its support for Gozo’s only specialised swimming programme for children and teens.
This multi-year partnership has helped Otters offer dedicated swimming lessons to hundreds of young people across Gozo, giving more children the chance to develop their skills in a safe, structured, and supportive environment. The renewed sponsorship will help the club extend its reach even further in the year ahead.
“We’re proud to continue supporting Otters Swimming Academy and the important work they do in our community,” said Jack Mizzi, Chief Digital & Market Enablement Officer at BMIT. Swimming is not just a sport. It’s a fundamental life skill. Our sponsorship plays a direct role in helping young people across the island gain confidence, discipline and safety in the water.”
Otters Swimming Academy provides children as young as five with a structured pathway through four development stages, starting from basic aquatic mobility and progressing to more advanced swimming and training techniques. The programme is run by qualified coaches and supports swimmers of all abilities.
“For several years, BMIT has been a true partner in our mission to make swimming lessons more accessible,” said Enzo Dimech, President of Otters Aquatic Sports Club and of Otters Swimming Academy. “Together we are helping young people across Gozo, building not just skills, but a stronger, healthier community. Their continued commitment allows us to grow the programme and reach even more children each year.”
The renewed sponsorship forms part of BMIT’s broader commitment to supporting local initiatives that promote youth development, wellbeing, and education. Just last month, BMIT announced its support for para powerlifter Nick Mercieca on his journey to the Paralympics in 2028.
BMIT Technologies is proud to announce recognition as a Microsoft Solutions Partner for Security.
This designation is Microsoft’s way of identifying partners with proven capability to deliver advanced security, compliance, and identity solutions. It is our third designation, alongside Modern Work and Azure Infrastructure and strengthens our role as a comprehensive technology partner for growing businesses.
Why this matters
Cyber threats evolve quickly, and so must defences. This Security designation validates our ability to implement enterprise-grade security solutions that protect, scale, and adapt with our clients' evolving business needs. It also reflects our approach to Zero Trust—verifying every access request, regardless of user, device, or location.
What This Means for Our Clients
What clients gain
We design and operate integrated Microsoft security environments, including Microsoft Defender for Endpoint, Microsoft Sentinel, and Microsoft Entra for identity and access. Together, these solutions help organisations detect and respond to threats faster, reduce risk exposure, and simplify compliance.
Security is most effective when it’s built into the IT roadmap, not added as a reaction to incidents. We align security priorities with business objectives, so protection grows in step with expansion, new services, and changing regulations.
Backed by Microsoft
As a Solutions Partner for Security, we benefit from enhanced technical support, dedicated environments, and early access to Microsoft’s latest innovations. Clients see the impact in faster deployments, better-informed architecture decisions, and proactive responses to emerging threats.
Building for the future
This designation deepens our partnership with Microsoft and ensures we continue to apply best practices and the latest capabilities across identity, threat detection, data protection, and compliance. Our goal remains constant: enable confident growth while maintaining security and operational excellence.
Let’s talk
Ready to strengthen your security posture? Let’s discuss how our enhanced capabilities can protect and empower your business.
Learn more about our cybersecurity services: https://www.bmit.com.mt/cybersecurity/
BMIT has been awarded Gold status as a Veeam Cloud Service Provider (VCSP) Partner!
This achievement highlights our ongoing commitment to excellence, innovation, and delivering trusted cloud and data protection solutions. Earning Gold status is a significant recognition from Veeam, demonstrating that our expertise and dedication place us among the industry’s top service providers.
For our valued customers, this milestone is a further assurance that you are partnering with a provider who not only meets, but exceeds high industry standards. As we continue to grow and evolve, our focus remains on delivering exceptional value and service to you.
SmartCity Malta – November 11, 2024 – BMIT Technologies (MSE: BMIT), Malta’s leading provider of infrastructure, hybrid cloud, cyber resilience, and managed IT services is announcing today that it has achieved the prestigious Hewlett Packard Enterprise (HPE) Platinum Solution Provider Partner status.
This recognition highlights BMIT’s dedication to delivering exceptional value and expertise in deploying HPE’s cutting-edge technologies to its clients. Achieving HPE Platinum Partner status signifies that BMIT has met stringent requirements in technical specialisations and certifications, and commercial engagements.
This is the highest level of HPE Partner status in the HPE Partner Ready programme. Platinum signifies the highest level of expertise and certification to build and configure HPE solutions. As a Platinum Partner, BMIT gains access to exclusive HPE resources, including advanced training, certifications, and the latest technologies, enabling BMIT’s team to deliver exceptional service and solutions that meet the evolving needs of our clients.
“Reaching HPE Platinum Partner status is confirmation of BMIT’s commitment and expertise designing and implementing HPE IT solutions for our customers,” said Sean Cohen, Chief Customer Delivery & Support Services Officer at BMIT.
“This achievement not only validates our capabilities but also strengthens our ability to drive innovation and success for the businesses we serve. We are excited to leverage this enhanced partnership to offer even greater value to our clients and help them accelerate their digital transformation journeys using HPE’s hybrid cloud, AI, and edge computing solutions.”
Zoran Balaban, CDG Sales Lead at HPE , said, “We are excited to welcome BMIT to the HPE Platinum Partner community. Their achievement reflects BMIT’s commitment to delivering transformative solutions that help businesses thrive in today’s digital economy. We look forward to working alongside BMIT to meet and exceed our mutual clients’ expectations and build on what is already a very successful partnership.”
About BMIT Technologies plc
BMIT Technologies plc is a technology company providing digital infrastructure, including tower operations and datacentre services, hybrid cloud solutions, cyber resilience, IT governance, implementation and managed services. The company specialises in designing, building, modernising, and managing enterprise IT setups that businesses rely on for growth, security, resilient operations and to thrive in a digital world. For more information visit: www.bmit.com.mt.
Phishing attacks show no sign of abating and continue to be one of the most pervasive and damaging.
Despite new technologies, training and awareness programmes, phishing persists, targeting the most vulnerable element in any security infrastructure: human judgment.
In the Email Security Risk Report 2024 by Egress, nine in 10 organisations said they were the victims of phishing attacks (94%), with nearly all of them (96%) saying they were ‘negatively impacted’.
Looking at the bigger cybersecurity picture, phishing accounted for 71% of cyber threats (ReliaQuest) with social engineering being the “most common route to achieve initial access” by cyber criminals to exploit legitimate users.
The same report said that AI’s generative technologies helped phishers to create more “realistic emails” and, for voice scammers, deep fake voice recordings of key colleagues.
Zscaler observed a nearly 60% year-on-year increase in phishing attacks in 2023 compared to the previous years.
It is safe to say that phishing is not going away any time soon. Even worse, it’s taking less time for a phishing attack to be successful. Palo Alto, in their incidence response report 2024, cite an example of how attackers gained access to an organisation, exfiltrated terabytes of data, and deployed ransomware to nearly 10,000 endpoints – in less than 14 hours. Initial entry started 30 minutes after the phishing email was sent.
As these malicious actors refine their techniques, it becomes increasingly crucial for both individuals and organisations to remain vigilant and well-informed about recognising and responding to phishing threats.
Two particularly dangerous variants of phishing have gained prominence in recent years: spear-phishing and business email compromise (BEC).
Spear-phishing represents a more targeted approach, where attackers craft messages tailored to specific individuals or organizations. These personalised attacks often leverage information gleaned from social media profiles or previous data breaches, significantly increasing their credibility and potential for success.
BEC attacks, on the other hand, involve the infiltration or spoofing of legitimate business email accounts. Cybercriminals use these compromised or imitated accounts to trick employees into making unauthorised financial transactions or transferring sensitive data. The consequences of these attacks can be severe, often resulting in substantial financial losses and irreparable damage to an organisation’s reputation.
Recognising the Signs of Phishing
Identifying phishing attempts requires a keen eye and a healthy dose of scepticism. While attackers continually refine their techniques, several common red flags can help individuals spot potential threats:
Language: Phishing emails often contain grammatical errors, awkward phrasing, or inconsistent formatting that can indicate a fraudulent source.
Unexpected Attachments or Links: Be wary of emails containing attachments or links you weren't expecting, especially if they come with vague or urgent messages encouraging you to open them.
Requests for Sensitive Information: Legitimate organisations rarely, if ever, ask for sensitive personal or financial information via email. Any such request should be treated with extreme caution.
Mismatched or Suspicious URLs: Hover over links without clicking to reveal their true destination. If the URL doesn't match the purported sender or seems off in any way, it's likely a phishing attempt.
Pressure Tactics: Phishing emails often create a false sense of urgency, threatening negative consequences if immediate action isn't taken. This pressure is designed to override rational decision-making.
When faced with a suspicious email, it's important to pause, assess the situation carefully, and verify the sender's identity through alternative means before taking any action, regardless of how urgent the message may seem.
Always report suspect attempts
Recognising phishing is only half the battle; reporting these attempts is equally important. Employees should follow their organisation's established procedures for reporting suspicious communications. Some companies may also have dedicated channels or teams responsible for handling potential security threats. Prompt reporting can prevent further damage and help protect colleagues from falling victim to the same attack.
A Comprehensive Defence Strategy
Effectively preventing phishing attacks requires a multi-faceted approach that combines technological solutions with human vigilance. On the technical side, organisations should implement robust security measures such as advanced spam filters, next-generation firewalls, and email authentication protocols like DMARC (Domain-based Message Authentication, Reporting, and Conformance).
However, even the most sophisticated technical defences can be circumvented by a single moment of human error. This is why employee awareness and training are indispensable components of a comprehensive anti-phishing strategy. Regular phishing simulations expose employees to realistic but safe examples of phishing attempts, helping them develop the skills needed to identify and respond to real threats. Comprehensive security awareness training should cover not only how to recognise phishing but also the proper procedures for reporting suspicious communications.
Creating a security culture within an organisation is perhaps the most effective long-term strategy for mitigating the risk of phishing attacks. This involves fostering an environment where employees feel empowered to question suspicious communications, share potential threats with their colleagues, and actively participate in the organisation's security efforts.
The threat of phishing is unlikely to disappear entirely, so a combination of technological defences, human awareness, and proactive reporting can significantly mitigate the risks.
Not every organisation has the resources or skillset to develop and run regular awareness programmes. Partnering with a managed service provider like BMIT can make all the difference to your security efforts. Contact us today for more information about our training and awareness programmes.
Multi-Factor Authentication (MFA) is a powerful security tool that significantly reduces the risk of unauthorised access and protects an organisation’s digital assets and sensitive information.
According to Microsoft, more than 99.9% of all compromised accounts do not have MFA enabled. Adoption figures vary according to company size, with larger organisations more likely to have implemented MFA (62%) than smaller organisations (38%). A survey by JumpCloud of 1,000 SMEs found that 83% of respondents required employees to use MFA to access all their resources.
What is multi-factor authentication?
At its core, MFA is a security system that requires users to provide two or more verification factors to gain access to a resource such as an online account, VPN, or application. It combines something you know (like a password), something you have (mobile app or hardware token), and something you are (biometric data like a fingerprint). This layered approach significantly enhances security by making it a lot more difficult for unauthorised users to gain access, even if they manage to compromise one factor.
The need for MFA has never been more pressing. At a time when sophisticated hacking techniques and data breaches are commonplace, relying solely on passwords is akin to leaving your front door unlocked in a high-crime neighbourhood. Passwords, once the gold standard of digital security, are now often the weakest link in our cybersecurity chain. They can be guessed, stolen, or cracked.
No security measure provides 100% security but have MFA is better than nothing at all. MFA can be attacked in several ways such as SIM-Jacking and Other Telephony Vulnerabilities; MFA Hammering or Grieving Attacks, and Adversary-in-the-Middle (AiTM) Attacks. These attacks target weaknesses in some types of MFA.
The weakest form of MFA uses text messages or voice. The next level, which is adopted by most, uses an application to provide a One-Time Password (OTP), mobile push notifications (with or without number matching) and token-based OTP. The most secure option is phishing-resistant MFA and this uses FIDO / WebAuthn authentication. The use of FIDO is strongly recommended by the US’s Cybersecurity Infrastructure Security Agency (CISA).
Where to implement MFA?
The simple answer is wherever you can. Start by auditing your accounts to identify which ones offer MFA and prioritise enabling it on the most critical ones. Email accounts, financial services, social media accounts, online stores and gaming and entertainment services should all authenticate with some form of MFA.
Implementation is but part of the game. Educating employees on the importance of MFA is crucial as is dispelling some of their ‘concerns’ that it is a nuisance and takes time and so on. There should be a balance between security and productivity (user complaints) but security should always take priority. Most platforms today are user-friendly and enabling MFA is a fast process. Yes, authentication requires an extra step but that should not be a reason not to implement MFA.
Many compliance requirements for regulations such as GDPR, PCI-DSS, DORA and HIPAA recommend or indirectly refer to MFA as a critical layer of security needed to a build resilience and have a robust security posture.
There is no overarching reason why MFA should not be implemented. Integration with legacy systems may pose a challenge but most modern platforms support multi-factor authentication. MFA reduces an organisation's vulnerability to unauthorised access, data breaches, and cyberattacks.
Don't wait for a breach to occur before acting.
How can BMIT help?
Do you need help to implement multi-factor authentication or other security measures in your organisation? Are you employees fully prepared to use MFA or have the awareness to notice and attack? Fill in the form below to talk to one of BMIT’s security experts today.
October 2025: BMIT Technologies’ ISO 27001 and PCI DSS certifications have been renewed following separate annual independent audits.
Both audits confirmed that BMIT’s systems and processes were operating to a consistently very high standard.
The ISO 27001:2022 certification is an internationally recognised standard for information security management systems. It demonstrates our robust approach to protecting customer data from unauthorised access, loss or damage as well as our commitment to maintaining the confidentiality, integrity, and availability of its customers' data.
The PCI DSS standard defines security requirements to protect environments where payment account data is stored, processed, or transmitted. PCI DSS provides a baseline of technical and operational requirements designed to protect payment account data.
"Renewing our ISO 27001:2022 and PCI-DSS certifications reflects our continued focus on maintaining strong security practices and meeting compliance requirements. These certifications ensure that we are following recognised standards for protecting customer infrastructures trusted to BMIT," said Dione Vella, Chief Digital and Compliance Officer at BMIT.
For more info about our solutions please click here.
